Still Learning, Part One
Posted 2007 Feb 01

Recently, I was struggling with part of my Rails application. Feeling I was missing the point, I sent this submission to The Rails Way.
In a nutshell, I have an attendance management system that can support many different organizations (e.g. schools, churches, etc.). All facets of the attendance management system are “tied” to a particular organization such that a user in a given organization can only create, edit or view data with a matching organization_id. I think you can guess my problem now…
I end up having to pass the current user’s “organization_id” around EVERYWHERE. I’ve been able to DRY to a certain degree using with_scope:

    class User < ActiveRecord::Base
      belongs_to :organization
    end

    class Attendance < ActiveRecord::Base
      belongs_to :organization

      # current_user is an instance of User, passed in by the controller
      def Attendance.find_todays_attendance(current_user)
        Attendance.with_organization_scope(current_user.organization_id) do
          find(:all, :conditions => ['attendance_recorded_on = ?', Date.today])
        end
      end

      # Restricts every find inside the block to rows of the given organization
      def Attendance.with_organization_scope(org_id)
        with_scope(:find => {:conditions => ["attendances.organization_id = ?", org_id]}) do
          yield
        end
      end
    end

And so on. But I still have to add current_user or organization_id as a parameter to just about every method call. And the biggest problem is that it fails “silently” – i.e. if you forget to check the organization_id you could expose another organization’s private data.
Check back for Part Two where I think I’ve finally seen the light.
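
The silent failure described above can be turned into a loud one by making the data layer refuse any query that runs outside an organization scope. The following is an added example, not code from the original post or from Part Two; it uses plain Ruby with an in-memory table, and `AttendanceStore`, `MissingOrganizationScope` and the sample rows are hypothetical names and constructed data.

```ruby
require 'date'

# Hypothetical names throughout; plain Ruby stand-in for the model layer.
class MissingOrganizationScope < StandardError; end

Attendance = Struct.new(:id, :organization_id, :recorded_on)

# Assumes one store instance per request, so the scope is never shared.
class AttendanceStore
  def initialize(rows)
    @rows = rows
  end

  # Restricts every query in the block to org_id, then restores the
  # previous scope even if the block raises.
  def with_organization_scope(org_id)
    raise ArgumentError, "organization_id required" if org_id.nil?
    previous, @org_id = @org_id, org_id
    begin
      yield self
    ensure
      @org_id = previous
    end
  end

  def find_on(date)
    scoped.select { |a| a.recorded_on == date }
  end

  # Lookup by id goes through the same scope, so a guessed id from
  # another organization is reported as missing.
  def find(id)
    scoped.find { |a| a.id == id } or raise KeyError, "no attendance #{id} in this organization"
  end

  private

  # Fail closed: a caller that forgot the scope gets an exception,
  # not every organization's rows.
  def scoped
    raise MissingOrganizationScope, "query outside with_organization_scope" if @org_id.nil?
    @rows.select { |a| a.organization_id == @org_id }
  end
end

# Constructed sample data: two organizations sharing one table.
TODAY = Date.new(2007, 2, 1)
STORE = AttendanceStore.new([
  Attendance.new(1, 10, TODAY),
  Attendance.new(2, 10, TODAY - 1),
  Attendance.new(3, 20, TODAY),
])

def todays_ids_for(org_id)
  STORE.with_organization_scope(org_id) { |s| s.find_on(TODAY).map(&:id) }
end
```

A forgotten scope now surfaces as an exception in development and tests instead of as another organization's rows in production.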